forked from djberg96/rack-auth-kerberos
-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathREADME
39 lines (30 loc) · 1.29 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
= Description
The rack-kerberos library is a Rack library that uses Kerberos to authenicate
users against your Kerberos server.
= Prerequisites
* rack 1.0.0 or later
* rkerberos 0.1.0 or later
= Usage
use "Rack::Auth::Kerberos", "user_field", "password_field", "YOUR.REALM_NAME"
= Default Fields
The default user field is "username".
The default password field is "password".
The default realm is whatever you've got set in your krb5.conf file.
= Details
This rack library only handles requests that contain a username and password
parameter. If both are not present, the request is forwarded normally.
If a username and password are detected, then they're authenicated against
your Kerberos server. If valid, then env['AUTH_USER'] is set to the username
and env['AUTH_FAIL'] is deleted. If invalid, then env['AUTH_USER'] is deleted
and env['AUTH_FAIL'] is set to an error message explaining what went wrong.
Note that if env['AUTH_USER'] or env['AUTH_FAIL'] are already set, then the
request is forwarded normally.
Some details are logged in env['AUTH_LOG'], primarily for debugging purposes,
if needed.
= TODO
Handle other types of authentication, e.g. HTTP basic auth with a username
and password are submitted, instead of only looking in request params.
= Authors
Daniel Berger
Charlie O'Keefe
Marty Haught